modules/core/security/sops.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

{ pkgs, ... }:
{
  environment.systemPackages = [
    pkgs.sops
  ];

  sops = {
    gnupg.sshKeyPaths = [ ];
    secrets.tailscale_authentication_key.sopsFile = ../../../secrets/hosts.yaml;

    age = {
      sshKeyPaths = [ ];
      keyFile = "/var/lib/sops-nix/keys.txt";
      generateKey = true;
    };
  };
}